September 2017

09/28/2017

The hits just keep on coming. A recent report indicates that the latest version of Internet Explorer leaks data from the address bar. As Ars Technica reports, "The bug allows any currently visited website to view any text entered into the address bar as soon as the user hits 'enter'. The technique can expose sensitive information a user didn't intend to be viewed by remote websites, including the Web address the user is about to visit. The hack can also expose search queries, since IE allows them to be typed into the address bar and then retrieved from Bing or other search services."

The solution is to stop using Internet Explorer. Users should use Chrome, Firefox, Edge, Opera or some other non-IE browser.

09/27/2017

Microsoft announced that Office 2019 will be available late next year. According to a post by Windows guru Paul Thurrott, "Office 2019 is the next perpetual update for Office," said Microsoft's Jared Spataro. "This release will include perpetual versions of the Office apps (including Word, Excel, PowerPoint, and Outlook) and servers (including Exchange, SharePoint, and Skype for Business)."

All I can say is that Microsoft seems to be cognizant that not everyone wants to be held hostage to annual subscription fees for cloud services. As I see it, it's all about money. As an example, Sage will no longer offer Timeslips as an on-premise solution from October 1, 2017 going forward. That's not good news for many solo and small firm attorneys. The cost of a one-year subscription is not far off from what it costs to actually purchase the software. I see it as a money-sucking process. Kudos to Microsoft for providing a purchase option and not forcing everyone to go with the subscription model. Even Intuit still has an on-premise option for QuickBooks and doesn't force you to pay money every year for the online version. Bad move, Sage.

09/26/2017

Modern smartphones have several options for unlocking the device. These include facial recognition, iris scan, fingerprint, password, PIN and swipe on an Android phone. Researchers at the U.S. Naval Academy and the University of Maryland Baltimore County found that a swipe pattern on an Android device is less secure than a PIN. The study found that a lurker could correctly capture the swipe pattern 64 percent of the time with a single observation. If observed twice, accuracy went up to 80 percent. In contrast, a lurker was only 11 percent successful with a single viewing of a 6 digit PIN. After two observations, the rate increased to 27 percent.

We already know that facial recognition on a Samsung Galaxy can be fooled with a digital photo. Researchers haven't had a chance to see if the iPhone implementation is any better. Biometrics may be an issue since you can be compelled to unlock your device with something about you (fingerprint, face, etc.) and not something you know (PIN, password, etc.). Even though the study found that PINs are better than a swipe, I would recommend a password instead. A password has 26 options (52 including capitals) for each position, whereas a PIN only has 10.

09/25/2017

SSDs are fast, but should they be used in a NAS? Most NAS units will accept 2.5-inch drives, so SSDs will physically fit in the enclosure. The enclosure usually only has a gigabit Ethernet connection, so it is limited to around 110MB/sec data transfer speed. That means you'll need to spend a boatload of money for 10GbE hardware to take advantage of the SSDs' speed. PC & Tech Authority ran some tests just to prove that SSDs are a waste of money for a typical NAS unit. SSDs will use less energy and be a lot quieter, but that is not worth the $1,000 or more additional cost.

09/21/2017

Seriously? Apparently, when you turn off Wi-Fi and Bluetooth in the Control Center of iOS 11, it really doesn't turn them off. But wait…that's not a bug, it's a feature. According to Motherboard, this operation is exactly what Apple intended. When you toggle Bluetooth and Wi-Fi off in the Control Center, you will immediately disconnect. That doesn't mean the wireless technology isn't available. Motherboard reported, "That is because Apple wants the iPhone to be able to continue using AirDrop, AirPlay, Apple Pencil, Apple Watch, Location Services, and other features, according to the documentation."

What a crap implementation. Don't count on using Control Center to actually control anything. Who knew? Here I thought that control actually meant to control something. You'll have to go to the Settings app to REALLY turn off Bluetooth and Wi-Fi.

09/20/2017

Apple has released iOS 11. There are a lot of changes with this new version of iOS and some are not happy with the release. Specifically, Windows guru Paul Thurrott says iOS 11 is a mess. Paul criticizes Apple for being inconsistent with how iOS 11 operates on various devices. As an example, "If you have the largest iPad Pro (12.9-inch, either generation), you can display two apps side-by-side. Those apps each look and work like traditional iPad apps. But if you have a smaller (9- or 10.5-inch) iPad Pro, you cannot do this." Paul also describes other crazy issues with iOS 11 such as requiring two hands to do some tasks.

iOS 11 will not run any 32-bit apps either. That's going to break a lot of apps. Should you update now or wait until application developers update applications to 64-bit code? Which installed apps won't run on iOS 11? To get an idea of which apps aren't compatible with iOS 11, go to Settings > General > About > Applications and a list of incompatible apps will be displayed. Don't update to iOS 11 if there are apps listed you absolutely must use.

09/19/2017

CCleaner is a popular consumer utility for cleaning up a Windows system. Unfortunately, CCleaner was compromised by hackers to distribute a malware-laden version capable of capturing your data and possibly taking screenshots too. The attacker added malware to the 32-bit versions of CCleaner 5.33.6162 and CCleaner Cloud 1.07.3191. A registry key will be added if you are infected with the bad version. According to Bleeping Computer, under the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Piriform\Agomo, there will be two data values named MUID and TCID, which are used by the installed Floxif infection. Upgrading to the latest version of CCleaner will not remove the key.

You have to manually update CCleaner to version 5.34 in order to remove the malware. Avast said it already pushed an update to CCleaner Cloud users, and they should be fine. The clean version is CCleaner Cloud 1.07.3214.

This would be a good time to remind readers that CCleaner is licensed for personal use only. You are violating the license agreement if you use CCleaner on your work computer.
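A read-only way to run the check described in this entry, as an added example that is not part of the original post and not code from Piriform or Avast: it looks for the Agomo key and its MUID/TCID values and reports whether an installed CCleaner.exe is older than 5.34. Reading both registry views and the default install folders are assumptions.

```powershell
# Added example (not from the original post). Read-only triage for the CCleaner compromise.
$subKey  = 'SOFTWARE\Piriform\Agomo'   # key named in the post (under HKEY_LOCAL_MACHINE)
$markers = 'MUID', 'TCID'              # value names the post attributes to Floxif
$minGood = [version]'5.34'             # version the post says to update to

# Assumption: a 32-bit program on 64-bit Windows writes to the 32-bit registry
# view, so both views are read. On 32-bit Windows both views are the same key.
$views = [Microsoft.Win32.RegistryView]::Registry64,
         [Microsoft.Win32.RegistryView]::Registry32
$registryHits = foreach ($view in $views) {
    $base = [Microsoft.Win32.RegistryKey]::OpenBaseKey(
                [Microsoft.Win32.RegistryHive]::LocalMachine, $view)
    $key = $base.OpenSubKey($subKey)   # $null when the key does not exist
    if ($key) {
        $found = @($key.GetValueNames() | Where-Object { $markers -contains $_ })
        [pscustomobject]@{ View = $view; Key = "HKLM\$subKey"; Markers = ($found -join ', ') }
        $key.Close()
    }
    $base.Close()
}

# Assumption: default install folders; add your own path if CCleaner lives elsewhere.
$candidates = "$env:ProgramFiles\CCleaner\CCleaner.exe",
              "${env:ProgramFiles(x86)}\CCleaner\CCleaner.exe"
$installs = foreach ($path in ($candidates | Select-Object -Unique)) {
    if (Test-Path -LiteralPath $path) {
        $info = (Get-Item -LiteralPath $path).VersionInfo
        # Compare on major.minor only; the file version string format varies.
        $ver  = [version]"$($info.FileMajorPart).$($info.FileMinorPart)"
        [pscustomobject]@{ Path = $path; Version = $ver; NeedsUpdate = ($ver -lt $minGood) }
    }
}

if ($registryHits) {
    # Per the post, upgrading CCleaner does not remove this key, so a hit can
    # remain after the update and still deserves follow-up.
    Write-Warning 'Agomo key present:'
    $registryHits | Format-Table -AutoSize
} else {
    'Agomo key not found in either registry view.'
}
if ($installs) { $installs | Format-Table -AutoSize } else { 'CCleaner.exe not found in default folders.' }
```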

09/18/2017

According to Bleeping Computer, Google will delete your Android backup files stored in your Google Drive account if you don't use your phone for two weeks. Basically, if you don't use your phone for two weeks, Google will start a 60-day countdown timer for old Android backup files. The bad news is that you get no warning this is going to occur. I guess the solution is to have your phone "welded" to your body and use it at least every two weeks.

09/14/2017

There has been a ton of news about Apple's recent announcements of new products, especially the iPhone. I don't understand why there is so much interest in a product that isn't even here yet and won't be for many, many weeks. Worry about what you may already own. TechRepublic reports that there is a security flaw in iOS that is transmitting Microsoft Exchange credentials without any encryption even if SSL is enabled. James Litwin discovered the problem and stated that Apple and Microsoft have been aware of the issue since February and have been dismissive about the situation. Litwin calls the flaw LeakyX. iPhone users can fix the problem by NOT synchronizing with their Exchange server. Sure…that won't happen. The other solution is to get an Android phone…that won't happen either. Let's hope there's a fix in the next version of iOS that doesn't send Exchange login credentials in clear text.

09/13/2017

According to a report by Threatpost, security researchers at IoT security firm Armis have discovered several bugs that allow hackers to access your device because Bluetooth is on. Armis is calling the collection of eight zero-day vulnerabilities BlueBorne. "If exploited, the vulnerabilities could enable an attacker to take over devices, spread malware, or establish a 'man-in-the-middle' to gain access to critical data and networks without user interaction," according to the company. "The attack does not require the targeted device to be paired to the attacker's device, or even to be set on discoverable mode… since the Bluetooth process has high privileges on all operating systems, exploiting it provides virtually full control over the device." The BlueBorne vulnerabilities include:

Apple devices running iOS 10 are safe from BlueBorne, but older versions are vulnerable. Microsoft deployed a patch in July to deal with BlueBorne. Google has provided a patch for Android, but it is up to the carriers to distribute the update. If you are using an Android device that can't run Marshmallow, Nougat or Oreo, or an Apple device that can't run iOS 10, you will never see a patch. Now would be a good time to upgrade your hardware.

Sensei Enterprises, Inc.
